redirect sw.lsstcorp.org -> eups.lsst.codes

Details

• Type: Story
• Status: Done
• Resolution: Done
• Fix Version/s: None
• Component/s:
• Labels:
None
• Story Points:
2.25
• Team:
SQuaRE

Description

So as to not 'orphan' pre-existing newinstall.sh installs that have an EUPS_PKGROOT pointed at sw.lsstcorp.org, an http redirect should be put in place to the new URL.

Iain Goodenow has agreed to change the sw.lsstcorp.org CNAME when we are ready. Bill Glick has provided copies of the TLS private key/cert.

Activity

Joshua Hoblitt created issue -
Joshua Hoblitt made changes -
Field Original Value New Value
Epic Link DM-9830 [ 31212 ]
Joshua Hoblitt made changes -
 Link This issue is triggered by DM-11355 [ DM-11355 ]
Joshua Hoblitt added a comment - - edited

Jira doesn't seem to have picked up the GH PR for the deployment. https://github.com/lsst-sqre/deploy-eups-redirect/pull/1

Joshua Hoblitt added a comment -

Could one of (Adam Thornton, Jonathan Sick, Angelo Fausti) give this a quick review? I don't think there is much of interest other than the way puppet is used in the docker image build.

Joshua Hoblitt made changes -
 Reviewers Adam Thornton, Angelo Fausti, Jonathan Sick [ athornton, afausti, jsick ] Status To Do [ 10001 ] In Review [ 10004 ]
Joshua Hoblitt added a comment -

The site is live as https://eups-redirect.lsst.codes/ but that will give you a cert error as the CN is for sw.lsstcorp.org.

Joshua Hoblitt added a comment -

I discovered yesterday that all releases of packer, up to and including 1.0.3, are broken with current docker releases (at least 1.12.6 & 1.13.1). After wasting a lot of time wrestling with this, I "resorted" to installing/uninstalling puppet within a single docker layer in order to be able to use puppet to configure nginx while keeping the layer size down.

Joshua Hoblitt made changes -
 Story Points 1.5
Joshua Hoblitt added a comment -

Iain Goodenow has changed the sw.lsstcorp.org CNAME to point to eups-redirect.lsst.codes:

    $ curl -I https://sw.lsstcorp.org/eupspkg/
    HTTP/1.1 302 Moved Temporarily
    Server: nginx/1.9.8
    Date: Tue, 25 Jul 2017 23:45:24 GMT
    Content-Type: text/html
    Content-Length: 161
    Connection: keep-alive
    Location: https://eups.lsst.codes/stack/src/
    Strict-Transport-Security: max-age=15638400
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff

Joshua Hoblitt added a comment -

HTTP (non-TLS) sanity check:

    $ curl -LI http://sw.lsstcorp.org/eupspkg/
    HTTP/1.1 301 Moved Permanently
    Server: nginx/1.9.8
    Date: Tue, 25 Jul 2017 23:48:36 GMT
    Content-Type: text/html
    Content-Length: 184
    Connection: keep-alive
    Location: https://sw.lsstcorp.org/eupspkg/

    HTTP/1.1 302 Moved Temporarily
    Server: nginx/1.9.8
    Date: Tue, 25 Jul 2017 23:48:36 GMT
    Content-Type: text/html
    Content-Length: 161
    Connection: keep-alive
    Location: https://eups.lsst.codes/stack/src/
    Strict-Transport-Security: max-age=15638400
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff

    HTTP/1.1 200 OK
    Server: nginx/1.9.8
    Date: Tue, 25 Jul 2017 23:48:37 GMT
    Content-Type: text/html;charset=UTF-8
    Connection: keep-alive
    Strict-Transport-Security: max-age=15638400
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff

Joshua Hoblitt made changes -
 Link This issue is triggering RFC-364 [ RFC-364 ]
Joshua Hoblitt made changes -
 Epic Link DM-9830 [ 31212 ] DM-10099 [ 31683 ]
Joshua Hoblitt added a comment -

ping Adam Thornton, Jonathan Sick, Angelo Fausti

Jonathan Sick added a comment -

Looks good. I left a few comments on the PR.

Jonathan Sick made changes -
 Reviewers Adam Thornton, Angelo Fausti, Jonathan Sick [ athornton, afausti, jsick ] Adam Thornton, Angelo Fausti [ athornton, afausti ]
Joshua Hoblitt added a comment -

Adam Thornton I would like to add the sensu-plugins-http gem to the status host in order to use a check plugin that supports testing HTTP redirects. E.g.

    [root@1c20c333e9ed /]# check-http.rb -h sw.lsstcorp.org -u https://sw.lsstcorp.org/eupspkg/ --redirect-to https://eups.lsst.codes/stack/src/
    CheckHttp OK: 302 found redirect to https://eups.lsst.codes/stack/src/

Do you have any objection(s)?

Adam Thornton added a comment -

What is the advantage of pulling Ruby in versus adding the -f follow option to the existing check_http check?

https://www.monitoring-plugins.org/doc/man/check_http.html

Joshua Hoblitt added a comment -

The -f flag only checks that there is a redirect, not what URL is redirected to.

Joshua Hoblitt added a comment -

The motivation here is that the redirect url already got broken once by accident.
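
The distinction discussed above (confirming that a redirect happens versus confirming where it ends) can be seen in a small check over `curl -sI` / `curl -sLI` header output. This is an added example, not part of the ticket or of the deploy-eups-redirect repository; the function names are hypothetical, the first sample reuses the status and Location lines quoted in the ticket, and the second sample is constructed.

```shell
#!/bin/sh
# Added example (not from the ticket): verify WHERE a redirect chain ends,
# reading `curl -sI` / `curl -sLI` header output on stdin.
# Exit codes follow the monitoring-plugin convention: 0 = OK, 2 = CRITICAL.
check_redirect_chain() {            # hypothetical helper name
    expected=$1
    result=$(tr -d '\r' | awk -v want="$expected" '
        /^HTTP\// { status = $2; if (status ~ /^3/) hops++; next }
        tolower($1) == "location:" && status ~ /^3/ {
            last = $2
            if (last !~ /^https:\/\//) insecure = last   # plaintext hop
        }
        END {
            if (hops == 0)           print "CRITICAL: no redirect seen"
            else if (insecure != "") print "CRITICAL: hop to non-HTTPS URL " insecure
            else if (last != want)   print "CRITICAL: redirects to " last ", expected " want
            else                     print "OK: " hops " hop(s), ends at " last
        }')
    echo "$result"
    case $result in OK:*) return 0 ;; *) return 2 ;; esac
}

# Status and Location lines from the `curl -LI` output quoted in the ticket.
sample_chain() {
    cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Location: https://sw.lsstcorp.org/eupspkg/

HTTP/1.1 302 Moved Temporarily
Location: https://eups.lsst.codes/stack/src/
Strict-Transport-Security: max-age=15638400

HTTP/1.1 200 OK
EOF
}

# Constructed failure case: the redirect still fires but the target is wrong.
sample_broken() {
    cat <<'EOF'
HTTP/1.1 302 Moved Temporarily
Location: https://eups.lsst.codes/stack/
EOF
}

sample_chain | check_redirect_chain https://eups.lsst.codes/stack/src/
```

Against a live host the input would come from `curl -sLI <url> | check_redirect_chain <expected-url>`; a check that only follows redirects would pass both samples, while this one fails the second.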

Adam Thornton added a comment -

I guess that's a good reason to do this. Please document what the package requirements are for Ruby although since creation of status is not in fact automated it's less of a priority than it would be if the thing were properly put together in the first place.

This would be a good example of the prototype sticking around, I guess.

Joshua Hoblitt made changes -
 Story Points 1.5 2.25
Joshua Hoblitt made changes -
 Reviewers Adam Thornton, Angelo Fausti [ athornton, afausti ] Adam Thornton [ athornton ]
Joshua Hoblitt added a comment -

Adam Thornton The gem turned out to be a bit of a pita on el7 due to the old system ruby but I think I've come up with a reasonable solution by using an SCL. I've opened a PR that adds cut'n'pastable install instructions for sensu-plugins-http, checks for sw.lsstcorp.org, and additional checks for eups.lsst.codes. Needless to say, the nagios configs are untested as there is no automated deployment to test with.

Joshua Hoblitt made changes -
 Resolution Done [ 10000 ] Status In Review [ 10004 ] Done [ 10002 ]

People

• Assignee:
Joshua Hoblitt
Reporter:
Joshua Hoblitt
Reviewers:
Watchers:
Adam Thornton, Angelo Fausti, Bill Glick, John Swinbank, Jonathan Sick, Joshua Hoblitt, Kian-Tat Lim, Tim Jenness